- PR-7104 - ActiveRecord syntax fix for framework db credential iteration. This uses the new join syntax with the Metasploit database.
- PR-7100 - This fixes an issue with the Burp importer dropping vulnerability information if there is no reference, which would result in missing exploitation coverage and missing entries in reports.
- PR-7089 - Corrected usage of Port and Regex datastore types. The nbns_response spoofer and HTTP cert scanner modules did not use the default types of their datastore options as expected, leading to backtraces or unexpected behavior.
- PR-7087 - This patch fixes a migration problem in the Beholder plugin. It allows migration to succeed when multiple users are logged in.
- PR-6932 - This updates the SQL injection in joomla_contenthistory_sqli_rce to be more reliable. It also fixes some minor output inconsistencies in the module.
- PR-6733 - This is a partial fix for psexec with 64-bit payloads. In some edge cases, the payload would fail to spawn. Mostly, though, this PR corrects a cargo-culted piece of code ('StackAdjustment' => -3500) that plagues our exploit modules.
- Pro - MS-340 - During evidence collection, the Quick Pentest Wizard would fail and display a stack trace. This fix modifies the sleep time so that the stdapi has time to load and the Quick Pentest Wizard does not error out during the collection phase.
- Pro - MS-1540 - If the Vulnerable Hosts report contained custom-created vulnerability references that do not use hyphens, an exception would occur during report generation. This fix adds better handling for vulnerability references that do not use hyphens.
- Pro - MS-1667 - Target lists no longer allow duplicate entries.
Features and Enhancements
- PR-7068 - New POSIX Meterpreter (payload). This payload is a new POSIX implementation of Meterpreter. We are in the process of adding more features to bring this Meterpreter up to parity with the other Meterpreters.
- PR-7064 - A feature of the WebNMS 5.2 system is that it stores obfuscated credentials in an external-facing file protected by a reversible obfuscation technique. This module retrieves the credentials and de-obfuscates the password, providing the plaintext login credentials.
- PR-6777 - The Xen 4.2.0 Denial of Service module exploits a memory corruption in Xen 4.2.0 that causes a denial of service in the hypervisor from a hosted VM, including dom0.
- Riverbed SteelCentral NetProfiler/NetExpress Remote Code Execution - This module chains together multiple vulnerabilities present in both products which, when exploited, result in remote code execution as root.
- Ruby on Rails ActionPack Inline ERB Code Execution - This module exploits a remote code execution vulnerability in the inline request processor of the Ruby on Rails ActionPack component. The vulnerability allows an attacker to pass ERB to the inline JSON processor, which then renders it, permitting full RCE within the runtime without logging an error condition.
- Tiki Wiki Unauthenticated File Upload Vulnerability - This module exploits a vulnerability found in a third-party component named ELFinder in Tiki CMS. It allows an attacker to upload a malicious script without authentication and execute it in the context of the web server.
- MS16-016 mrxdav.sys WebDav Local Privilege Escalation - By Tamas Koczka and William Webb; exploits CVE-2016-0051.
- MS16-032 Secondary Logon Handle Privilege Escalation - This exploit abuses a flaw in the Windows Secondary Logon Service to leak a SYSTEM impersonation token to another thread. The payload is written to disk as a compressed PowerShell script in a plain-text file and then executed.
To download the offline file for this update, go to http://updates.metasploit.com/packages/dd2747539cd9167fdc45397330a8320d72bd497c.bin.
PRO 4.12.0 updates to 4.12.0-2016071801